Vulnerabilities > CVE-2017-9776 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2550.NASL description An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102883 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102883 title CentOS 6 : poppler (CESA-2017:2550) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2550 and # CentOS Errata and Security Advisory 2017:2550 respectively. # include("compat.inc"); if (description) { script_id(102883); script_version("3.12"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2017-9776"); script_xref(name:"RHSA", value:"2017:2550"); script_name(english:"CentOS 6 : poppler (CESA-2017:2550)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)" ); # https://lists.centos.org/pipermail/centos-announce/2017-August/022527.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?51230318" ); script_set_attribute( attribute:"solution", value:"Update the affected poppler packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9776"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-glib-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"poppler-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-glib-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-glib-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-qt-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-qt-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-qt4-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-qt4-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"poppler-utils-0.12.4-12.el6_9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-devel / poppler-glib / poppler-glib-devel / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20170830_POPPLER_ON_SL7_X.NASL description Security Fix(es) : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-03-18 modified 2017-08-31 plugin id 102853 published 2017-08-31 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102853 title Scientific Linux Security Update : poppler on SL7.x x86_64 (20170830) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(102853); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2017-9775", "CVE-2017-9776"); script_name(english:"Scientific Linux Security Update : poppler on SL7.x x86_64 (20170830)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=23809 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e83d3091" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-utils"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-devel-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-debuginfo-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-demos-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-devel-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-devel-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-devel-0.26.5-17.el7_4")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-utils-0.26.5-17.el7_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20170830_POPPLER_ON_SL6_X.NASL description Security Fix(es) : - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-03-18 modified 2017-08-31 plugin id 102852 published 2017-08-31 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102852 title Scientific Linux Security Update : poppler on SL6.x i386/x86_64 (20170830) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(102852); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2017-9776"); script_name(english:"Scientific Linux Security Update : poppler on SL6.x i386/x86_64 (20170830)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=24152 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b47b285c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-utils"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"poppler-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-debuginfo-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-glib-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-glib-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-qt-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-qt-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-qt4-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-qt4-devel-0.12.4-12.el6_9")) flag++; if (rpm_check(release:"SL6", reference:"poppler-utils-0.12.4-12.el6_9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-debuginfo / poppler-devel / poppler-glib / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3440-1.NASL description It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-9776). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103731 published 2017-10-09 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103731 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : poppler vulnerabilities (USN-3440-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3440-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(103731); script_version("3.12"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2017-14518", "CVE-2017-14520", "CVE-2017-14617", "CVE-2017-14926", "CVE-2017-14928", "CVE-2017-14929", "CVE-2017-14975", "CVE-2017-14977", "CVE-2017-9776"); script_xref(name:"USN", value:"3440-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : poppler vulnerabilities (USN-3440-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-9776). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3440-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler44"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler58"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libpoppler44", pkgver:"0.24.5-2ubuntu4.7")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"poppler-utils", pkgver:"0.24.5-2ubuntu4.7")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libpoppler58", pkgver:"0.41.0-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"poppler-utils", pkgver:"0.41.0-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"17.04", pkgname:"libpoppler64", pkgver:"0.48.0-2ubuntu2.3")) flag++; if (ubuntu_check(osver:"17.04", pkgname:"poppler-utils", pkgver:"0.48.0-2ubuntu2.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpoppler44 / libpoppler58 / libpoppler64 / poppler-utils"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1074.NASL description Several buffer and integer overflow issues were discovered in Poppler, a PDF library, that could lead to application crash or possibly other unspecified impact via maliciously crafted files. For Debian 7 last seen 2020-03-17 modified 2017-08-30 plugin id 102823 published 2017-08-30 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102823 title Debian DLA-1074-1 : poppler security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1074-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(102823); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4473", "CVE-2013-4474", "CVE-2017-9775", "CVE-2017-9776", "CVE-2017-9865"); script_bugtraq_id(63368, 63374); script_name(english:"Debian DLA-1074-1 : poppler security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several buffer and integer overflow issues were discovered in Poppler, a PDF library, that could lead to application crash or possibly other unspecified impact via maliciously crafted files. For Debian 7 'Wheezy', these problems have been fixed in version 0.18.4-6+deb7u2. We recommend that you upgrade your poppler packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/08/msg00025.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/poppler" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-private-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler19"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"gir1.2-poppler-0.18", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-cpp-dev", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-cpp0", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-dev", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-glib-dev", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-glib8", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-private-dev", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-qt4-3", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler-qt4-dev", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpoppler19", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"poppler-dbg", reference:"0.18.4-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"poppler-utils", reference:"0.18.4-6+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1230.NASL description According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103088 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103088 title EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1230) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(103088); script_version("3.15"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-9775", "CVE-2017-9776" ); script_name(english:"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1230)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1230 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1caec7a4"); script_set_attribute(attribute:"solution", value: "Update the affected poppler packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["poppler-0.26.5-17", "poppler-glib-0.26.5-17", "poppler-qt-0.26.5-17", "poppler-utils-0.26.5-17"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4079.NASL description Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 105623 published 2018-01-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105623 title Debian DSA-4079-1 : poppler - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4079. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(105623); script_version("3.8"); script_cvs_date("Date: 2019/03/15 10:28:27"); script_cve_id("CVE-2017-14517", "CVE-2017-14518", "CVE-2017-14519", "CVE-2017-14520", "CVE-2017-14975", "CVE-2017-14976", "CVE-2017-14977", "CVE-2017-15565", "CVE-2017-9406", "CVE-2017-9408", "CVE-2017-9775", "CVE-2017-9776", "CVE-2017-9865"); script_xref(name:"DSA", value:"4079"); script_name(english:"Debian DSA-4079-1 : poppler - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/poppler" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/poppler" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/poppler" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4079" ); script_set_attribute( attribute:"solution", value: "Upgrade the poppler packages. For the oldstable distribution (jessie), these problems have been fixed in version 0.26.5-2+deb8u2. For the stable distribution (stretch), these problems have been fixed in version 0.48.0-2+deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"gir1.2-poppler-0.18", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-cpp-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-cpp0", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-glib-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-glib-doc", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-glib8", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-private-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-qt4-4", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-qt4-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-qt5-1", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler-qt5-dev", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libpoppler46", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"poppler-dbg", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"poppler-utils", reference:"0.26.5-2+deb8u2")) flag++; if (deb_check(release:"9.0", prefix:"gir1.2-poppler-0.18", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-cpp-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-cpp0v5", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-glib-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-glib-doc", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-glib8", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-private-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-qt4-4", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-qt4-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-qt5-1", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler-qt5-dev", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpoppler64", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"poppler-dbg", reference:"0.48.0-2+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"poppler-utils", reference:"0.48.0-2+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2017-93868169A0.NASL description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-08-11 plugin id 102397 published 2017-08-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102397 title Fedora 24 : mingw-poppler (2017-93868169a0) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2551.NASL description An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102951 published 2017-09-05 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102951 title RHEL 7 : poppler (RHSA-2017:2551) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0118_POPPLER.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has poppler packages installed that are affected by a vulnerability: - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127361 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127361 title NewStart CGSL MAIN 4.05 : poppler Vulnerability (NS-SA-2019-0118) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2550.NASL description An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102950 published 2017-09-05 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102950 title RHEL 6 : poppler (RHSA-2017:2550) NASL family Misc. NASL id POPPLER_0_56.NASL description The version of Poppler installed on the remote host is prior to 0.56.0. It is, therefore, affected by multiple vulnerabilities : - A stack-based overflow condition exists in the getColor() function in GfxState.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF document, to crash the process, resulting in a denial of service condition. (CVE-2017-9775) - An integer overflow condition exists in the combine() function in JBIG2Stream.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-9775) last seen 2020-04-23 modified 2017-06-30 plugin id 101167 published 2017-06-30 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101167 title Poppler < 0.56.0 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2017-5112220E59.NASL description - various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 ---- - CVE-2017-9406 CVE-2017-9408 various memory leak flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101633 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101633 title Fedora 26 : poppler (2017-5112220e59) NASL family Fedora Local Security Checks NASL id FEDORA_2017-9FA2CEFA7A.NASL description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-28 plugin id 102028 published 2017-07-28 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102028 title Fedora 25 : mingw-poppler (2017-9fa2cefa7a) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1229.NASL description According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) - An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103087 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103087 title EulerOS 2.0 SP1 : poppler (EulerOS-SA-2017-1229) NASL family Fedora Local Security Checks NASL id FEDORA_2017-BBB664E0A0.NASL description This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-28 plugin id 102029 published 2017-07-28 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102029 title Fedora 26 : mingw-poppler (2017-bbb664e0a0) NASL family Fedora Local Security Checks NASL id FEDORA_2017-7EAEC3353D.NASL description - various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 ---- - CVE-2017-9406 CVE-2017-9408 various memory leak flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-19 plugin id 101796 published 2017-07-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101796 title Fedora 25 : poppler (2017-7eaec3353d) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1998-1.NASL description This update for poppler fixes the following issues: Security issues fixed : - CVE-2017-9775: Fix a stack overflow bug in pdftocairo that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045719) - CVE-2017-9776: Fix an integer overflow bug that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045721) - CVE-2017-9408: Fix a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1042802) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102069 published 2017-07-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102069 title SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1998-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-883.NASL description This update for poppler fixes the following issues : Security issues fixed : - CVE-2017-9775: DoS stack-based buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: NULL pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2017-08-07 plugin id 102217 published 2017-08-07 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102217 title openSUSE Security Update : poppler (openSUSE-2017-883) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-902.NASL description Stack-buffer overflow in GfxState.cc : A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) Integer overflow in JBIG2Stream.cc : An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 103572 published 2017-10-02 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103572 title Amazon Linux AMI : poppler (ALAS-2017-902) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2550.NASL description From Red Hat Security Advisory 2017:2550 : An update for poppler is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102850 published 2017-08-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102850 title Oracle Linux 6 : poppler (ELSA-2017-2550) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0147.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: rhbz#1479815 (CVE-2017-9776) - Don last seen 2020-06-01 modified 2020-06-02 plugin id 102905 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102905 title OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1999-1.NASL description This update for poppler fixes the following issues: Security issues fixed : - CVE-2017-9775: DoS stack-based buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: NULL pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102070 published 2017-07-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102070 title SUSE SLED12 / SLES12 Security Update : poppler (SUSE-SU-2017:1999-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2551.NASL description From Red Hat Security Advisory 2017:2551 : An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102851 published 2017-08-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102851 title Oracle Linux 7 : poppler (ELSA-2017-2551) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2551.NASL description An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es) : * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) last seen 2020-06-01 modified 2020-06-02 plugin id 102884 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102884 title CentOS 7 : poppler (CESA-2017:2551)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|